<?php

//////////////////////////////////////////////////////
// GPAC Database is Copyright 2002 Colin Todd       //
// Written by Colin Todd - All rights reserved.     //
//                                                  //
// colintodd@myfastmail.com                         //
//////////////////////////////////////////////////////

//check user is logged in
include_once('_includes/master_include.php');

$root = './';
include($root . 'include/header.php');
include($root . 'include/dbconnect.php');
$PHPSESSID = @$_GET['PHPSESSID'];

//if(!strlen($PHPSESSID)>0 ) {
//	$PHPSESSID = @$_SESSION['PHPSESSID'];
	
//}

start_div_main();
?>
<table cellpadding=2 border=0>
<tr>
	<td>
<?
	echo"<font class=\"titlename2\">Add New User</font>";
?>
	</td>
</tr></table>



<?php
require('db_connect.php');	// database connect script.

if (isset($_POST['submit'])) { // if form has been submitted
	/* check they filled in what they supposed to, 
	passwords matched, username
	isn't already taken, etc. */
//echo "<pre>";
//print_r($_POST);
//echo "</pre>";

		$error_occurred = FALSE;

	if (!$_POST['uname'] | !$_POST['passwd'] | !$_POST['passwd_again'] ) {
		echo('You did not fill in a required field.');
		$error_occurred = TRUE;
	}

	// check if username exists in database.

	if (!get_magic_quotes_gpc()) {
		$_POST['uname'] = addslashes($_POST['uname']);
	}



	$name_check = $db_object->query("SELECT username FROM Users WHERE username = '".$_POST['uname']."'");

	if (DB::isError($name_check)) {
		echo($name_check->getMessage());
		$error_occurred = TRUE;
	}
	$name_checkk = $name_check->numRows();

	if ($name_checkk != 0) {
		echo('Sorry, the username: <strong>'.$_POST['uname'].'</strong> is already taken, please pick another one.');
		$error_occurred = TRUE;
	}

	// check passwords match

	if ($_POST['passwd'] != $_POST['passwd_again']) {
		echo('Passwords did not match.');
		$error_occurred = TRUE;
	}
	
// check e-mail format

//	if (!preg_match("/.*@.*..*/", $_POST['email']) | preg_match("/(<|>)/", $_POST['email'])) {
//		die('Invalid e-mail address.');
//	}

	// no HTML tags in username, website, location, password

	$_POST['uname'] = strip_tags($_POST['uname']);
	$_POST['passwd'] = strip_tags($_POST['passwd']);

	// now we can add them to the database.
	// encrypt password
if(!$error_occurred) {
	

	$_POST['passwd'] = md5($_POST['passwd']);
	$_POST['passwd_again'] = md5($_POST['passwd_again']);

	if (!get_magic_quotes_gpc()) {
		$_POST['passwd'] = addslashes($_POST['passwd']);
//		$_POST['email'] = addslashes($_POST['email']);
//		$_POST['website'] = addslashes($_POST['website']);
//		$_POST['location'] = addslashes($_POST['location']);
	}



	$regdate = date('m d, Y');
	$insert = "INSERT INTO Users (
			username, 
			pw, 
			CreationTMS,
			CreationUserId,
			ModificationTMS, 
			ModificationUserId, 
			ViewPrivateIndicator,
			AddEditIndicator, 
			DeleteIndicator, 
			ModifyIndicator,
			AdminIndicator) 
			VALUES (
			'".$_POST['uname']."', 
			'".$_POST['passwd']."', 
			now(),
			'".$_SESSION['username']."', 				
			now(),
			'".$_SESSION['username']."', 
			'".$_POST['ViewPrivateInd']."', 
			'".$_POST['AddUsersInd']."', 
			'".$_POST['DelInd']."', 
			'".$_POST['EditUsersInd']."', 
			'".$_POST['AdminInd']."')";

	//	echo "$insert<p>";

			$add_member = $db_object->query($insert);


	if (DB::isError($add_member)) {
		echo ($add_member->getMessage());
		$error_occurred = TRUE;
//		echo "c";

	}
	else {
		$error_occurred = FALSE;
	
			$PACTS_cfg->InsertAuditTrailEntry("", "" ,"INSERT","Users","COMPLETE ENTRY",$_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['uname'] ,"Add","Users","username", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['passwd'] ,"Add","Users","pw", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['ViewPrivateInd'] ,"Add","Users","ViewPrivateIndicator", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['AddUsersInd'],"Add","Users","AddEditIndicator", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['DelInd'],"Add","Users","DeleteIndicator", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['EditUsersInd'] ,"Add","Users","ModifyIndicator", $_SESSION['username'], $_SERVER['PHP_SELF'],"");
			$PACTS_cfg->InsertAuditTrailEntry("", $_POST['AdminInd'] ,"Add","Users","AdminIndicator", $_SESSION['username'], $_SERVER['PHP_SELF'],""	);



$URLmessage = "<h1>New User Added!</h1>";

$URLmessage .= "<p>Thank you, your information has been added to the database, ";
$URLmessage .= "you may now <a href=\"login.php\" title=\"Login\">log in</a>.</p>";


$URL = "Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/User_edit.php?&PHPSESSID=".$PHPSESSID."&URLmessage=$URLmessage";
header($URL);
exit;
	
	
	
	
	}
	$db_object->disconnect();
} 
}
if (!isset($_POST['submit']) or $error_occurred = TRUE);

{	// if form hasn't been submitted

?>
<form action="<?php echo $_SERVER['PHP_SELF']."?PHPSESSID=".$PHPSESSID; ?>" method="post">

<table border="0" cellspacing="0" cellpadding="3">
<tr><td class="txtbotH">Username*:</td><td>
<input type="text" name="uname" maxlength="40" value="<?php if (@$error_occurred){ echo @$_POST['uname'] ;} ?>">
</td></tr>
<tr><td class="txtbotH">Password*:</td><td>
<input type="password" name="passwd" maxlength="50" value="<?php if (@$error_occurred){ echo @$_POST['passwd'];} ?>">
</td></tr>
<tr><td class="txtbotH">Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50" value="<?php if (@$error_occurred){ echo @$_POST['passwd_again'];} ?>">
</td></tr>
<tr><td class="txtbotH">View Private Data:</td><td>
<select name="ViewPrivateInd">
<option value="Y" <?php if (@$error_occurred and @$_POST['ViewPrivateInd']=="Y"){ echo ' selected="selected" ';} ?>
>Yes</option>
<option value="N" <?php if (@$error_occurred and @$_POST['ViewPrivateInd']=="Y"){ echo ' selected="selected" ';}
if (!@$error_occurred ) { echo ' selected="selected"' ;}?>>No</option></select>
</td></tr>
<tr><td class="txtbotH">Administrator:</td><td>
<select name="AdminInd">
<option value="Y">Yes</option>
<option value="N" selected="selected">No</option></select>
</td></tr>
<tr><td class="txtbotH">Add Users</td><td>
<select name="AddUsersInd">
<option value="Y">Yes</option>
<option value="N" selected="selected">No</option></select>
</td></tr>
<tr><td class="txtbotH">Edit Users</td><td>
<select name="EditUsersInd">
<option value="Y">Yes</option>
<option value="N" selected="selected">No</option></select>
</td></tr>
<tr><td class="txtbotH">Delete Users</td><td>
<select name="DelInd">
<option value="Y">Yes</option>
<option value="N" selected="selected">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up" class="smalltxtInput">
</td></tr>
</table>
</form>

<?php
	echo "<font class=\"smalltxt\">* Mandatory Fields</font<p>&nbsp;";
}

end_div_main();
?> 

<?php
include($root . 'include/footer.php');
?>